docker geovis_如何访问k8s内部服务

最新推荐文章于 2022-12-03 21:44:50 发布
最新推荐文章于 2022-12-03 21:44:50 发布
阅读量195 收藏
点赞数
文章标签: docker geovis
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_32968007/article/details/111923653
版权

1. 背景

常见的客户端访问k8s内部服务的方式是通过设置service.type设置为nodeport,通过物理机ip+nodeport映射到k8s服务的地址。但是,nodeport会占用物理机端口号资源,而且端口号个数是有限制的(默认端口号范围在30000-32767之间),因此,本文介绍通过ingress方式来映射k8s内部服务,ingress控制器较多,常见的有ingress-nginx,ingress-traefik,istio的ingress等。

下面将重点介绍nginx和traefik的使用。

2. ingress-nginx

2.1 部署yaml文件准备

myapp服务的yaml文件,服务映射8000端口

apiVersion: v1

kind: Service

metadata:

name: webapp-svc

labels:

app: webapp-svc

spec:

type: NodePort

ports:

- port: 8000

targetPort: 8000

selector:

app: webapp

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

name: webapp-deploy

labels:

app: webapp-deploy

spec:

replicas: 1

template:

metadata:

labels:

app: webapp

spec:

containers:

- name: webapp

image: hub.geovis.io/zhangjx/flask:app

ingress-nginx的yaml部署文件

apiVersion: v1

kind: Namespace

metadata:

name: ingress-nginx

labels:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

---

# Source: ingress-nginx/templates/controller-serviceaccount.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

name: ingress-nginx

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/controller-configmap.yaml

apiVersion: v1

kind: ConfigMap

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

name: ingress-nginx-controller

namespace: ingress-nginx

data:

---

# Source: ingress-nginx/templates/clusterrole.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

name: ingress-nginx

rules:

- apiGroups:

- ''

resources:

- configmaps

- endpoints

- nodes

- pods

- secrets

verbs:

- list

- watch

- apiGroups:

- ''

resources:

- nodes

verbs:

- get

- apiGroups:

- ''

resources:

- services

verbs:

- get

- list

- update

- watch

- apiGroups:

- extensions

- networking.k8s.io # k8s 1.14+

resources:

- ingresses

verbs:

- get

- list

- watch

- apiGroups:

- ''

resources:

- events

verbs:

- create

- patch

- apiGroups:

- extensions

- networking.k8s.io # k8s 1.14+

resources:

- ingresses/status

verbs:

- update

- apiGroups:

- networking.k8s.io # k8s 1.14+

resources:

- ingressclasses

verbs:

- get

- list

- watch

---

# Source: ingress-nginx/templates/clusterrolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

name: ingress-nginx

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

name: ingress-nginx

subjects:

- kind: ServiceAccount

name: ingress-nginx

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/controller-role.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

name: ingress-nginx

namespace: ingress-nginx

rules:

- apiGroups:

- ''

resources:

- namespaces

verbs:

- get

- apiGroups:

- ''

resources:

- configmaps

- pods

- secrets

- endpoints

verbs:

- get

- list

- watch

- apiGroups:

- ''

resources:

- services

verbs:

- get

- list

- update

- watch

- apiGroups:

- extensions

- networking.k8s.io # k8s 1.14+

resources:

- ingresses

verbs:

- get

- list

- watch

- apiGroups:

- extensions

- networking.k8s.io # k8s 1.14+

resources:

- ingresses/status

verbs:

- update

- apiGroups:

- networking.k8s.io # k8s 1.14+

resources:

- ingressclasses

verbs:

- get

- list

- watch

- apiGroups:

- ''

resources:

- configmaps

resourceNames:

- ingress-controller-leader-nginx

verbs:

- get

- update

- apiGroups:

- ''

resources:

- configmaps

verbs:

- create

- apiGroups:

- ''

resources:

- endpoints

verbs:

- create

- get

- update

- apiGroups:

- ''

resources:

- events

verbs:

- create

- patch

---

# Source: ingress-nginx/templates/controller-rolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

name: ingress-nginx

namespace: ingress-nginx

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

name: ingress-nginx

subjects:

- kind: ServiceAccount

name: ingress-nginx

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/controller-service-webhook.yaml

apiVersion: v1

kind: Service

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

name: ingress-nginx-controller-admission

namespace: ingress-nginx

spec:

type: ClusterIP

ports:

- name: https-webhook

port: 443

targetPort: webhook

selector:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/component: controller

---

# Source: ingress-nginx/templates/controller-service.yaml

apiVersion: v1

kind: Service

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

name: ingress-nginx-controller

namespace: ingress-nginx

spec:

type: NodePort

ports:

- name: http

port: 80

protocol: TCP

targetPort: http

- name: https

port: 443

protocol: TCP

targetPort: https

selector:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/component: controller

---

# Source: ingress-nginx/templates/controller-deployment.yaml

apiVersion: apps/v1

kind: Deployment

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: controller

name: ingress-nginx-controller

namespace: ingress-nginx

spec:

selector:

matchLabels:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/component: controller

revisionHistoryLimit: 10

minReadySeconds: 0

template:

metadata:

labels:

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/component: controller

spec:

dnsPolicy: ClusterFirst

containers:

- name: controller

image: k8s.gcr.io/ingress-nginx/controller:v0.35.0@sha256:fc4979d8b8443a831c9789b5155cded454cb7de737a8b727bc2ba0106d2eae8b

imagePullPolicy: IfNotPresent

lifecycle:

preStop:

exec:

command:

- /wait-shutdown

args:

- /nginx-ingress-controller

- --election-id=ingress-controller-leader

- --ingress-class=nginx

- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller

- --validating-webhook=:8443

- --validating-webhook-certificate=/usr/local/certificates/cert

- --validating-webhook-key=/usr/local/certificates/key

securityContext:

capabilities:

drop:

- ALL

add:

- NET_BIND_SERVICE

runAsUser: 101

allowPrivilegeEscalation: true

env:

- name: POD_NAME

valueFrom:

fieldRef:

fieldPath: metadata.name

- name: POD_NAMESPACE

valueFrom:

fieldRef:

fieldPath: metadata.namespace

livenessProbe:

httpGet:

path: /healthz

port: 10254

scheme: HTTP

initialDelaySeconds: 10

periodSeconds: 10

timeoutSeconds: 1

successThreshold: 1

failureThreshold: 5

readinessProbe:

httpGet:

path: /healthz

port: 10254

scheme: HTTP

initialDelaySeconds: 10

periodSeconds: 10

timeoutSeconds: 1

successThreshold: 1

failureThreshold: 3

ports:

- name: http

containerPort: 80

protocol: TCP

- name: https

containerPort: 443

protocol: TCP

- name: webhook

containerPort: 8443

protocol: TCP

volumeMounts:

- name: webhook-cert

mountPath: /usr/local/certificates/

readOnly: true

resources:

requests:

cpu: 100m

memory: 90Mi

serviceAccountName: ingress-nginx

terminationGracePeriodSeconds: 300

volumes:

- name: webhook-cert

secret:

secretName: ingress-nginx-admission

---

# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml

# before changing this value, check the required kubernetes version

# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites

apiVersion: admissionregistration.k8s.io/v1beta1

kind: ValidatingWebhookConfiguration

metadata:

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

name: ingress-nginx-admission

webhooks:

- name: validate.nginx.ingress.kubernetes.io

rules:

- apiGroups:

- extensions

- networking.k8s.io

apiVersions:

- v1beta1

operations:

- CREATE

- UPDATE

resources:

- ingresses

failurePolicy: Fail

sideEffects: None

admissionReviewVersions:

- v1

- v1beta1

clientConfig:

service:

namespace: ingress-nginx

name: ingress-nginx-controller-admission

path: /extensions/v1beta1/ingresses

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

name: ingress-nginx-admission

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

name: ingress-nginx-admission

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

rules:

- apiGroups:

- admissionregistration.k8s.io

resources:

- validatingwebhookconfigurations

verbs:

- get

- update

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

name: ingress-nginx-admission

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

name: ingress-nginx-admission

subjects:

- kind: ServiceAccount

name: ingress-nginx-admission

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: Role

metadata:

name: ingress-nginx-admission

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

rules:

- apiGroups:

- ''

resources:

- secrets

verbs:

- get

- create

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

name: ingress-nginx-admission

annotations:

helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: Role

name: ingress-nginx-admission

subjects:

- kind: ServiceAccount

name: ingress-nginx-admission

namespace: ingress-nginx

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml

apiVersion: batch/v1

kind: Job

metadata:

name: ingress-nginx-admission-create

annotations:

helm.sh/hook: pre-install,pre-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

spec:

template:

metadata:

name: ingress-nginx-admission-create

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

spec:

containers:

- name: create

image: docker.io/jettech/kube-webhook-certgen:v1.2.2

imagePullPolicy: IfNotPresent

args:

- create

- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc

- --namespace=$(POD_NAMESPACE)

- --secret-name=ingress-nginx-admission

env:

- name: POD_NAMESPACE

valueFrom:

fieldRef:

fieldPath: metadata.namespace

restartPolicy: OnFailure

serviceAccountName: ingress-nginx-admission

securityContext:

runAsNonRoot: true

runAsUser: 2000

---

# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml

apiVersion: batch/v1

kind: Job

metadata:

name: ingress-nginx-admission-patch

annotations:

helm.sh/hook: post-install,post-upgrade

helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

namespace: ingress-nginx

spec:

template:

metadata:

name: ingress-nginx-admission-patch

labels:

helm.sh/chart: ingress-nginx-2.13.0

app.kubernetes.io/name: ingress-nginx

app.kubernetes.io/instance: ingress-nginx

app.kubernetes.io/version: 0.35.0

app.kubernetes.io/managed-by: Helm

app.kubernetes.io/component: admission-webhook

spec:

containers:

- name: patch

image: docker.io/jettech/kube-webhook-certgen:v1.2.2

imagePullPolicy: IfNotPresent

args:

- patch

- --webhook-name=ingress-nginx-admission

- --namespace=$(POD_NAMESPACE)

- --patch-mutating=false

- --secret-name=ingress-nginx-admission

- --patch-failure-policy=Fail

env:

- name: POD_NAMESPACE

valueFrom:

fieldRef:

fieldPath: metadata.namespace

restartPolicy: OnFailure

serviceAccountName: ingress-nginx-admission

securityContext:

runAsNonRoot: true

runAsUser: 2000安装

[root@t34 ingress-nginx]# kubectl apply -f deploy.yaml

namespace/ingress-nginx created

serviceaccount/ingress-nginx created

configmap/ingress-nginx-controller created

clusterrole.rbac.authorization.k8s.io/ingress-nginx created

clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created

role.rbac.authorization.k8s.io/ingress-nginx created

rolebinding.rbac.authorization.k8s.io/ingress-nginx created

service/ingress-nginx-controller-admission created

service/ingress-nginx-controller created

deployment.apps/ingress-nginx-controller created

validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created

serviceaccount/ingress-nginx-admission created

clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created

clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created

role.rbac.authorization.k8s.io/ingress-nginx-admission created

rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created

job.batch/ingress-nginx-admission-create created

job.batch/ingress-nginx-admission-patch created查看

[root@t34 ingress-nginx]# kubectl get pod -n ingress-nginx

NAME READY STATUS RESTARTS AGE

ingress-nginx-admission-create-jpcb9 0/1 Completed 0 22s

ingress-nginx-admission-patch-znpw5 0/1 Completed 1 22s

ingress-nginx-controller-744597d577-4tgbf 1/1 Running 0 22s

[root@t34 ingress-nginx]# kubectl get svc -n ingress-nginx

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

ingress-nginx-controller NodePort 10.43.237.103 80:31036/TCP,443:32012/TCP 65s

ingress-nginx-controller-admission ClusterIP 10.43.113.189 443/TCP 65s

2.2 测试添加ingress配置文件

[root@t34 ingress-nginx]# cat example-ingress-nginx.yaml

apiVersion: networking.k8s.io/v1beta1

kind: Ingress

metadata:

name: example-ingress-nginx

annotations:

kubernetes.io/ingress.class: nginx

spec:

rules:

- host: example.nginx.com

http:

paths:

- path: /

backend:

serviceName: webapp-svc

servicePort: 8000测试

[root@t34 ingress-nginx]# kubectl apply -f example-ingress-nginx.yaml

ingress.networking.k8s.io/example-ingress-nginx created

[root@t34 ingress-nginx]# kubectl get ingress

NAME HOSTS ADDRESS PORTS AGE

example-ingress-nginx example.nginx.com 80 5s

[root@t34 ingress-nginx]# curl -H "Host: example.nginx.com" 192.168.4.32:31036

user example

通过ingress-nginx下的service( ingress-nginx-controller)来访问webapp服务。

3. ingress-traefik

3.1 部署yaml文件准备

apiVersion: v1

kind: ServiceAccount

metadata:

name: traefik-ingress-controller

namespace: kube-system

---

kind: ClusterRole

apiVersion: rbac.authorization.k8s.io/v1beta1

metadata:

name: traefik-ingress-controller

rules:

- apiGroups:

- ""

resources:

- services

- endpoints

- secrets

verbs:

- get

- list

- watch

- apiGroups:

- extensions

resources:

- ingresses

verbs:

- get

- list

- watch

---

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1beta1

metadata:

name: traefik-ingress-controller

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

name: traefik-ingress-controller

subjects:

- kind: ServiceAccount

name: traefik-ingress-controller

namespace: kube-system

---

kind: Deployment

apiVersion: apps/v1

metadata:

name: traefik-ingress-controller

namespace: kube-system

labels:

k8s-app: traefik-ingress-lb

spec:

replicas: 1

selector:

matchLabels:

k8s-app: traefik-ingress-lb

template:

metadata:

labels:

k8s-app: traefik-ingress-lb

name: traefik-ingress-lb

spec:

serviceAccountName: traefik-ingress-controller

terminationGracePeriodSeconds: 60

# tolerations:

# - operator: "Exists"

# nodeSelector:

# kubernetes.io/hostname: master

containers:

- image: traefik:v1.7.17

name: traefik-ingress-lb

ports:

- name: http

containerPort: 80

- name: admin

containerPort: 8080

args:

- --api

- --kubernetes

- --logLevel=INFO

---

kind: Service

apiVersion: v1

metadata:

name: traefik-ingress-service

namespace: kube-system

spec:

selector:

k8s-app: traefik-ingress-lb

ports:

- protocol: TCP

port: 80

name: web

- protocol: TCP

port: 8080

name: admin

type: NodePort安装

[root@t34 k8s]# kubectl apply -f ingress-traefik/

ingress.networking.k8s.io/example-ingress-traefik created

serviceaccount/traefik-ingress-controller created

clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller created

clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller created查看

[root@t34 k8s]# kubectl get pod -n kube-system |grep traefik

traefik-ingress-controller-658698fc8-9ghsl 1/1 Running 0 42s

[root@t34 k8s]# kubectl get svc -n kube-system |grep traefik

traefik-ingress-service NodePort 10.43.184.34 80:30776/TCP,8080:31812/TCP 48s

[root@t34 k8s]#

3.2 测试添加ingress配置文件

[root@t34 ingress-traefik]# cat example-ingress-traefik.yaml

apiVersion: networking.k8s.io/v1beta1

kind: Ingress

metadata:

name: example-ingress-traefik

annotations:

kubernetes.io/ingress.class: traefik

spec:

rules:

- host: example.traefik.com

http:

paths:

- path: /

backend:

serviceName: webapp-svc

servicePort: 8000测试

[root@t34 ingress-traefik]# kubectl apply -f example-ingress-traefik.yaml

ingress.networking.k8s.io/example-ingress-traefik created

[root@t34 ingress-traefik]# kubectl get ingress

NAME HOSTS ADDRESS PORTS AGE

example-ingress-nginx example.nginx.com 192.168.4.91 80 10m

example-ingress-traefik example.traefik.com 80 7s

[root@t34 ingress-traefik]# curl -H "Host: example.traefik.com" 192.168.4.34:30776

user example

4. 结语

k8s作为承载微服务时代的利器,掌握各个服务流量的流向是至关重要的一环,要清楚客户端的流量是如何流向服务端?内部服务之间的是如何访问?不同的场景下如何选择clusterip,nodeport,ingress,gateway等方式?了解如何完成dns解析等过程都是非常有必要的。

小爱酱的万水千山
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
k8s学习笔记-容器概念入门(四)-重新认识Docker 容器】
Amelie123的博客
08-14 311
简单部署应用,重新认识docker 容器
docker容器内部可以访问,外部无法访问
weixin_45085844的博客
05-20 6161
服务学习过程当中,遇到docker容器内部可以访问,外部无法访问问题
k8s服务寻址
qq_17303159的博客
12-28 330
服务寻址 <servicename>.<namespace>.svc.cluster.local
docker的接口 外部如何访问k8s_本地服务调用K8S环境中的SpringCloud微服务实战
qingdao666666的博客
08-22 444
欢迎访问我的GitHub https://github.com/zq2599/blog_demos 内容:原创文章分类汇总及配套源码,涉及Java、DockerK8S、Devops等 下图是典型的微服务在Kubernetes环境的部署情况(简化版):695ce6cc0f835f8fe3a7afd147a6c889.png在开发阶段,如果服务B还在开发中,部署情况如下图所示:121da2df58098756ada50020902247fd.png此时的服务B如何才能访问到注册中心和服务A呢? 常规手段
k8s外部访问的几种方法实践
热门推荐
swan_tang的博客
04-15 1万+
学习k8s的路上。。。 本次实践是本地部署了minikube 单节点的k8s 环境,minikube是一个虚拟机环境,只有一个节点,节点ip:172.17.0.2 ,自己打包了一个镜像 jalcge/k8s ,镜像里开放端口8080 ,服务是3个副本,支持滚动更新,给容器传参数进行滚动更新,启动服务后,http外部访问。 基础 Deployment: apiVersion: apps/v1 kind: Deployment metadata: name: k8stest # depl
解决Windows/Mac版Desktop Docker中自带的K8s无法访问pod ip
weixin_43958308的博客
12-03 2297
解决Windows/Mac版Desktop Docker中自带的K8s无法访问pod ip pod servcie 感兴趣可以搜一下 port-forward 原理,还没时间研究,无法直接访问ip大概原因和在windows/mac下docker无法用host模式相关,linux下无此问题
docker容器化+k8s集群部署教程以及springboot+vue部署示例
最新发布
04-11
本文介绍VMware虚拟机下centos7操作系统中如何安装云原生 Kubernetes(k8s)集群、k8s可视化界面kuboard,以及如何利用docker容器化将springboot+vue项目在k8s集群中部署运行。
docker_k8s_adm1.15.tar.gz
08-02
docker_k8s_adm1.15.tar.gz
【价值366!!超清视频+源码】Docker+Kubernetes(k8s)微服务容器化及多技术综合实践
10-13
从整体上把握微服务,体会服务Docker化,理解服务编排,以及主流的服务编排框架——Kubernetes,了解它的架构,知道它的运作原理,知道如何安装、使用及如何部署微服务3 i
docker_k8s_addon_resizer.tar.gz
08-01
docker_k8s_addon_resizer.tar.gz
k8s-06-服务发现
青龙小码农
01-28 509
掌握 SVC 原理及其构建方式 Pod、RC、Service关系 Service Service定义了一个服务访问入口地址,前端的应用(Pod)通过这个入口地址访问其背后的一组由Pod副本组成的集群实力。 Service与其后端Pod副本集群之间则是通过Label Selector来实现"无缝对接"。而RC的作用实际上是保证Service 的服务能力和服务质量处于预期的标准。 Service能够提供负载均衡能力,但是在使用上还有以下限制: 只提供4层负载,没有7层功能,但有时我们可能需要更多的匹配规
让外部网络访问K8S service的四种方式
lyk-ops
09-21 1万+
本文基于kubernetes 1.5.2版本编写 kube-proxy+ClusterIP kubernetes版本大于或者等于1.2时,配置: 修改master的/etc/kubernetes/proxy,把KUBE_PROXY_ARGS=”“改为KUBE_PROXY_ARGS=”–proxy-mode=userspace” 重启kube-proxy服务 在核心路由设备或者源主...
K8s(6)——kubernetes之Pod通信以及ingress部署
Ghost_0110
02-24 1152
文章目录前言1、 前言 1、
ip地址 k8s 显示pod_访问k8s内部pod service网络
weixin_29156679的博客
12-31 694
kafa部署在k8s中,并且使用statefulset 方式部署,应用pod连接kafka 使用kafka-0.kafka-hs.sy-platform-demo.svc.cluster.local.:9093, 如果k8s 外部开发测试,无法连接,所以需要外部网络与pod service网络打通#kafka注册到zk中[zk: localhost:2181(CONNECTED) 5] get...
docker geovis_docker部署前端和后端打包程序
weixin_33877700的博客
01-14 230
docker部署前端vue打包程序、后端java打包程序。前端vue打包后部署在nginx容器,后端部署在jdk8或tomcat等容器。1、前端打包程序部署准备环境:docker、nginx镜像docker启动命令:docker run -d -p 80:80--name nginx--privileged=true--restart=always-v /data2/geovis/docker-n...
docker的接口 外部如何访问k8s_k8s-集群搭建之 docker开启远程访问
weixin_36414864的博客
12-23 405
centos6默认情况下,Docker守护进程Unix socket(/var/run/docker.sock)来进行本地进程通信,而不会监听任何端口,因此只能在本地使用docker客户端或者使用Docker API进行操作。如果想在其他主机上操作Docker主机,就需要让Docker守护进程打开一个HTTP Socket,这样才能实现远程通信。编辑docker的配置文件/etc/sysconfi...
nginx部署vue项目以及注意事项
weixin_42356358的博客
06-20 1216
nginx安装图解: https://blog.csdn.net/dyllove98/article/details/8892509 安装完成一般常用命令 进入安装目录中, 命令: cd /usr/local/nginx/sbin 启动,关闭,重启,命令: ./nginx 启动 ./nginx -s stop 关闭 ./nginx -s reload 重启 若想使用外部主机连接上虚拟机访问端口19...
k8s解析service地址方式
weixin_30535043的博客
07-17 1362
[root@k8s-master ~]# dig -t A kubernetes.default.svc.cluster.local. @10.96.0.10 ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -t A kubernetes.default.svc.cluster.local. @10.9...
CentOS 8 + Docker + Nginx + K8s双机热备部署教程
本篇文档详细介绍了在CentOS 8环境下,通过Docker、Nginx和Kubernetes (K8s) 实现双机热备部署的过程。作者在两台虚拟CentOS 8系统中进行了实际操作,确保了整个步骤的可复制性。以下是主要知识点的概述: 1. **...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值